Date: 03 April 2009
There has been a lot of research into attacking hardware in recent times.
Two recent and interesting papers have been released regarding attacks on the x86 architecture and the BIOS.
Joanna Rutkowska of Invisible Things Lab (ITL) and her colleague Rafal Wojtczuk have released details, in coordination with Loic Duflot at CanSecWest, regarding attacks on the CPU cache. Duflot reported the weakness to Intel in October of last year, while ITL reported it in February of this year. These discoveries were made independently of each other.
Without going into the technical details, the attack would offer privileges higher than those of the operating system kernel. Intel has been working on a fix for this too, so it is not all bad news.
Details regarding this can be found at:
http://cansecwest.com/csw09/csw09-duflot.pdf
http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html
http://invisiblethingslab.com/itl/Resources.html
Independent research released by Core Securities researchers Anibal L. Sacco and Alfredo A. Ortega demonstrates an attack that allows the BIOS to be updated to execute arbitrary code. The impact of this could be worse than that of MBR rootkits. You can't format your drive to fix it!!! Flashing the BIOS should work on some systems that allow the BIOS to be bypassed. IBM offers functionality to perform a CMOS recovery. The only other option is to do a hot swap of the BIOS and update the BIOS on a live system. For this to work, the two BIOS chips must be from the same mainboard model.
The presentation for CanSecWest where they released their research is available at: http://cansecwest.com/csw09/csw09-sacco-ortega.pdf
Cheers
Zane.